update versions used in workflow steps

jgadsden · web-flow · commit 8855de8d2f7b · 2024-06-04T08:24:52.000+01:00
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -9,7 +9,7 @@ on:
 jobs:
   link_checker:
     name: Link checker
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout markdown
         uses: actions/checkout@v4.1.1
@@ -18,14 +18,14 @@ jobs:
         uses: lycheeverse/lychee-action@v1.10.0
         with:
           # skip the jekyll files
-          args: --verbose --no-progress --max-retries 5 --exclude-path './_includes/*.html' '**/*.md' '*.md'
+          args: --no-progress --max-retries 5 --exclude-path './_includes/*.html' './draft/**/*.md' '*.md'
           fail: true
         env:
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
 
   md_linter:
     name: Lint markdown
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout markdown
         uses: actions/checkout@v4.1.1
@@ -38,10 +38,10 @@ jobs:
 
   spell_checker:
     name: Check spelling
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout markdown
         uses: actions/checkout@v4.1.1
 
       - name: spell_checker
-        uses: rojopolis/spellcheck-github-actions@0.36.0
+        uses: rojopolis/spellcheck-github-actions@0.37.0
diff --git a/.github/workflows/housekeeping.yaml b/.github/workflows/housekeeping.yaml
@@ -9,7 +9,7 @@ on:
 jobs:
   chores:
     name: Tidy workflows
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       actions: write
 
@@ -29,7 +29,7 @@ jobs:
 
   link_checker:
     name: Link checker
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout markdown
         uses: actions/checkout@v4.1.1
@@ -38,7 +38,28 @@ jobs:
         uses: lycheeverse/lychee-action@v1.10.0
         with:
           # skip the jekyll files
-          args:  --verbose --no-progress --max-retries 5 --exclude-path './_includes/*.html' '**/*.md' '*.md'
+          args:  --no-progress --max-retries 5 --exclude-path './_includes/*.html' '**/*.md' '*.md'
           fail: true
         env:
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+  stale:
+    name: Tidy pull requests
+    runs-on: ubuntu-24.04
+    permissions:
+      pull-requests: write
+      issues: write
+
+    steps:
+      - name: Tidy stale PRs and issues
+        uses: actions/stale@v9
+        with:
+          days-before-issue-stale: 182
+          days-before-issue-close: -1
+          stale-issue-message: 'This issue is stale because it has been open for 6 months with no activity.'
+          stale-issue-label: stale
+          remove-issue-stale-when-updated: true
+          days-before-pr-stale: 90
+          days-before-pr-close: 7
+          stale-pr-message: 'This PR is stale because it has been open 90 days with no activity. Remove stale label, or add a comment, otherwise it will be closed in 7 days.'
+          close-pr-message: 'This PR was closed because it has been stalled for over 3 months with no activity.'
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
@@ -9,7 +9,7 @@ on:
 jobs:
   link_checker:
     name: Link checker
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout markdown
         uses: actions/checkout@v4.1.1
@@ -18,14 +18,14 @@ jobs:
         uses: lycheeverse/lychee-action@v1.10.0
         with:
           # skip the jekyll files
-          args: --verbose --no-progress --max-retries 5 --exclude-path './_includes/*.html' '**/*.md' '*.md'
+          args: --verbose --no-progress --max-retries 5 --exclude-path './_includes/*.html' './draft/**/*.md' '*.md'
           fail: true
         env:
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
 
   md_linter:
     name: Lint markdown
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout markdown
         uses: actions/checkout@v4.1.1
@@ -38,17 +38,17 @@ jobs:
 
   spell_checker:
     name: Check spelling
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout markdown
         uses: actions/checkout@v4.1.1
 
       - name: spell_checker
-        uses: rojopolis/spellcheck-github-actions@0.36.0
+        uses: rojopolis/spellcheck-github-actions@0.37.0
 
   export_draft:
     name: Export epub and pdf (Draft)
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs: [link_checker, md_linter, spell_checker]
     steps:
       - name: Checkout markdown
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -9,38 +9,33 @@ on:
 
 # for security reasons the github actions are pinned to specific release versions
 jobs:
-  create_release:
-    name: Release pull-request
-    runs-on: ubuntu-22.04
+  create_artifacts:
+    name: Create artifacts
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Checkout markdown
         uses: actions/checkout@v4.1.1
 
-      - name: Promote draft to release
+      - name: Fix up markdown
         run: |
           echo "GITHUB_WORKFLOW: ${GITHUB_WORKFLOW}"
           echo "GITHUB_REF_NAME: ${GITHUB_REF_NAME}"
-          cd draft
           pwd
-          find . -name "*.md" ! -name "info.md" -exec cp '{}' '../release/{}' \;
-
-      - name: Fix up markdown
-        run: |
-          pwd
-          find release -name "*.md" -exec sed -i "s|permalink: /draft/|permalink: /release/|" {} +
-          find release -name "*.md" -exec sed -i "/The OWASP Developer Guide is a community effort/d" {} +
-          find release -name "*.md" -exec sed -i "/edit on GitHub/d" {} +
-          find release -name "*.md" -exec sed -i "/www-project-developer-guide\/issues\/new?labels/d" {} +
-          find release -name "*.md" -exec sed -i "/www-project-developer-guide\/blob\/main/d" {} +
-          find release -name "*.md" -exec \
+          echo "rename draft to release"
+          find draft -name "*.md" -exec sed -i "s|permalink: /draft/|permalink: /release/|" {} +
+          find draft -name "*.md" -exec \
           sed -i "s/.*the latest contributions to the Developer Guide.*/\#\#\# Release version $GITHUB_REF_NAME/" {} +
-          find release -name "*.md" -exec sed -i "s/ (Draft)//gI" {} +
-          find release -name "*.md" -exec sed -i "/order: / s/$/0/" {} +
+          find draft -name "*.md" -exec sed -i "s/ (Draft)//gI" {} +
+          echo "remove contributing footer"
+          find draft -name "*.md" -exec sed -i "/The OWASP Developer Guide is a community effort/d" {} +
+          find draft -name "*.md" -exec sed -i "/edit on GitHub/d" {} +
+          find draft -name "*.md" -exec sed -i "/www-project-developer-guide\/issues\/new?labels/d" {} +
+          find draft -name "*.md" -exec sed -i "/www-project-developer-guide\/blob\/main/d" {} +
 
       - name: Combine markdown
         run: |
-          tail --lines=+14 -q $(find release -name "*[0-9]*.md" | sort) > release.markdown
+          tail --lines=+14 -q $(find draft -name "*[0-9]*.md" | sort) > release.markdown
           mkdir -p publish
 
       - name: Export to pdf
@@ -63,48 +58,70 @@ jobs:
             release/title.yaml
             release.markdown
 
-      - name: Save pdfs and epubs
+      - name: Store pdf and epub assets
         uses: actions/upload-artifact@v4.3.0
         with:
           name: export-docs
           path: publish
 
-      - name: Update pdfs and epubs
-        run: |
-          pwd && ls -hal publish
-          cp publish/OWASP_Developer_Guide.* assets/exports/.
+  create_release:
+    name: Create pull request
+    runs-on: ubuntu-24.04
+    needs: create_artifacts
+
+    steps:
+      - name: Checkout markdown
+        uses: actions/checkout@v4.1.1
 
-      - name: Remove newpage tags
+      - name: Promote draft to release
         run: |
-          find release -name "*.md" -exec sed -i '/newpage/d' {} +
+          echo "GITHUB_WORKFLOW: ${GITHUB_WORKFLOW}"
+          echo "GITHUB_REF_NAME: ${GITHUB_REF_NAME}"
+          cd draft && find . -name "*.md" ! -name "info.md" -exec cp '{}' '../release/{}' \;
 
-      - name: Remove multiple blank lines
+      - name: Fix up markdown
         run: |
+          pwd
+          echo "rename draft to release"
+          find release -name "*.md" -exec sed -i "s|permalink: /draft/|permalink: /release/|" {} +
+          find release -name "*.md" -exec \
+          sed -i "s/.*the latest contributions to the Developer Guide.*/\#\#\# Release version $GITHUB_REF_NAME/" {} +
+          find release -name "*.md" -exec sed -i "s/ (Draft)//gI" {} +
+          echo "revise page ordering"
+          find release -name "*.md" -exec sed -i "/order: / s/$/0/" {} +
+          echo "remove newpage tags"
+          find release -name "*.md" -exec sed -i '/newpage/d' {} +
+          echo "Remove multiple blank lines"
           find release -name "*.md" -exec sed -i ':a; /^\n*$/{ s/\n//; N;  ba};' {} +
           find release -name "*.md" -exec sed -i '${/^$/d;}' {} +
 
+      - name: Retrieve pdfs and epubs
+        uses: actions/download-artifact@v4.1.7
+        with:
+          name: export-docs
+
+      - name: Update pdf and epub assets
+        run: |
+          pwd && ls -hal
+          cp OWASP_Developer_Guide.pdf assets/exports/.
+          cp OWASP_Developer_Guide.epub assets/exports/.
+
       - name: Create pull request
         uses: peter-evans/create-pull-request@v6.0.2
         with:
           title: |
-            Release ${{ github.ref_name }} of Developer Guide 
+            Release ${{ github.ref_name }} of Developer Guide
           body: |
             **Summary** :  
-            Pull request automatically generated for the latest release version  
+            Automatically generated pull-request for the latest release version  
             
             **Description for the changelog** :  
-            release of version ${{ github.ref_name }} 
+            release of version ${{ github.ref_name }}  
             
             **Other info** :  
-            Please verify and then merge the pull request to update the release  
-          commit-message: update to release version ${{ github.ref_name }} 
+            Please verify and then update the release by merging the pull request  
+          commit-message: update to release version ${{ github.ref_name }}
           branch: update-release
           base: main
           labels: release
-          assignees: jgadsden
-          reviewers: |
-            jgadsden
-            alezza
-            Shruti-s-kulkarni
-            hblankenship
-          draft: false
+          draft: false
diff --git a/draft/04-foundations/05-top-ten.md b/draft/04-foundations/05-top-ten.md
@@ -175,7 +175,7 @@ may also be referred to as 'OWASP Top 10'. Here is a list of the stable 'OWASP T
 * [Top 10 Proactive Controls][proactive10]
 * [Top 10 Web Application Security Risks][top10]
 
-Many of the OWASP Top 10s that are being worked on as 'incubator' projects so this list will change.
+Other OWASP Top 10s are 'incubator' projects, work in progress, so this list will change over time.
 
 ----
 
diff --git a/draft/12-metrics/00-toc.md b/draft/12-metrics/00-toc.md
@@ -13,6 +13,13 @@ order:
 
 ## 10. Metrics
 
+Metrics are important in an organization for various reasons, and in software security they can be used to:
+
+* measure the effectiveness of security controls
+* determine security posture
+* provide justification for security programs
+* and others
+
 At present the OWASP [Integration Standards project Application Wayfinder][wayfinder] project
 does not identify any OWASP projects that gather or process metrics, but this may change in the future.
 
diff --git a/draft/12-metrics/toc.md b/draft/12-metrics/toc.md
@@ -14,6 +14,13 @@ permalink: /draft/metrics/
 
 ## 10. Metrics
 
+Metrics are important in an organization for various reasons, and in software security they can be used to:
+
+* measure the effectiveness of security controls
+* determine security posture
+* provide justification for security programs
+* and others
+
 At present the OWASP [Integration Standards project Application Wayfinder][wayfinder] project
 does not identify any OWASP projects that gather or process metrics, but this may change in the future.
 
